support SHA-224 certificates. Portions of this patch are contributed
by Hanno Boeck <hanno@hboeck.de>. r=wtc,emaldona.
Modified Files:
cmd/lib/secutil.c lib/cryptohi/seckey.c lib/cryptohi/secsign.c
lib/cryptohi/secvfy.c lib/pk11wrap/pk11mech.c
lib/pk11wrap/pk11slot.c lib/pkcs12/p12local.c
lib/softoken/rsawrapr.c lib/ssl/ssl3ecc.c lib/util/secalgid.c
git-svn-id: svn://10.0.0.236/trunk@263002 18797224-902f-48f8-a5cc-f745e15eee43
of nssrenam.h. Remove functions that no longer need to be renamed from
nssrenam.h. r=rrelyea.
Modified Files:
cmd/vfychain/vfychain.c lib/certdb/stanpcertdb.c
lib/crmf/asn1cmn.c lib/crmf/cmmfrec.c lib/crmf/respcmn.c
lib/nss/nss.def lib/nss/nssrenam.h lib/pkcs12/p12e.c
lib/pkcs7/certread.c lib/pkcs7/p7decode.c lib/pkcs7/p7encode.c
lib/smime/cmsutil.c lib/ssl/ssl3con.c lib/ssl/ssl3ecc.c
lib/ssl/sslnonce.c lib/ssl/sslsnce.c
git-svn-id: svn://10.0.0.236/trunk@247455 18797224-902f-48f8-a5cc-f745e15eee43
type we expect before using it. r=nelsonb
Modified Files: ssl3con.c ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@216773 18797224-902f-48f8-a5cc-f745e15eee43
on failure so that the error code can be retrieved later. r=nelsonb and
alexei.volkov.
git-svn-id: svn://10.0.0.236/trunk@216601 18797224-902f-48f8-a5cc-f745e15eee43
and not TLS, they should not negotiate ECC ciphersuites at all.
Bug 341707. r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@203068 18797224-902f-48f8-a5cc-f745e15eee43
1) it adds a new ifdef which enables SSL to limit itself to the 3 Suite B
curves.
2) it corrects the creation and parsing of the Supported Curve extension to
conform with the lastest definition, by using 2 bytes to encode the list
length,
3) it changes the algorithm that picks the curve for ECDHE to choose a curve
that is at least as strong as the "weakest link", is mutually supported
by client and server, and is the fastest for its size.
git-svn-id: svn://10.0.0.236/trunk@195173 18797224-902f-48f8-a5cc-f745e15eee43
This patch has a known problem, choosing ephemeral ECDH curves
according to the wrong (suboptimal, non-FIPS) criteria.
Modified Files: ssl3con.c ssl3ecc.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@194359 18797224-902f-48f8-a5cc-f745e15eee43
SECItem pointing to memory allocated with PORT_Alloc, so we don't need to
use PORT_Free to free the SECItem's buffer. r=nelsonb.
git-svn-id: svn://10.0.0.236/trunk@182253 18797224-902f-48f8-a5cc-f745e15eee43
Reorganize the SSL Socket structure contents to obviate ssl3 pointer.
Move much of the ECC code from ssl3con to new file ssl3ecc.c. derive.c
implements derivation of the SSL/TLS master secret and the encryption and
MAC keys and IVs without using PKCS11. Bug 305147. r=rrelyea.
Modified Files: ssl/config.mk ssl/manifest.mn ssl/ssl.h ssl/ssl3con.c
ssl/ssl3gthr.c ssl/sslauth.c ssl/sslcon.c ssl/ssldef.c ssl/sslgathr.c
ssl/sslimpl.h ssl/sslinfo.c ssl/sslnonce.c ssl/sslsecur.c ssl/sslsnce.c
ssl/sslsock.c
Added Files: ssl/derive.c ssl/ssl3ecc.c
git-svn-id: svn://10.0.0.236/trunk@179892 18797224-902f-48f8-a5cc-f745e15eee43
